Message-ID: <12b5f1ef0704241947q50309a5fyda7f4c6bfba59667@mail.gmail.com>
Date: Tue, 24 Apr 2007 19:47:14 -0700
From: "Nickolai Zeldovich"
Sender: nickolai.zeldovich@gmail.com
Subject: [Qemu-devel] [PATCH] fix exception precision for cmpxchg8b
Reply-To: qemu-devel@nongnu.org
To: qemu-devel@nongnu.org

In qemu-0.9.0, an exception in cmpxchg8b (e.g. page fault due to a missing TLB entry) causes the wrong eip value to be pushed onto the exception stack -- it seems to be the eip of the last exception or the start of the translation block, whichever happened last. This makes it impossible to resume execution after such an exception.

The simple patch below fixes it, by explicitly saving the current eip before invoking the cmpxchg8b helper; the same approach appears to be taken in many other instructions before generating code that could raise an exception. Apologies for the non-tab-clean patch, but it's simple enough to apply by hand.

I can't quite understand what's generating the equivalent piece of code (to save pc_start into eip) for the cmpxchgl instruction (defined right above cmpxchg8b in translate.c). I'd be thankful if someone could explain to me where it's getting saved.

Nickolai.

--- qemu-0.9.0/target-i386/translate.c 2007-02-05 15:01:54.000000000 -0800 +++ /home/nickolai/build/qemu-0.9.0/target-i386/translate.c 2007-04-24 19:33:47.000000000 -0700 @@ -3800,6 +3800,7 @@ if (s->cc_op != CC_OP_DYNAMIC) gen_op_set_cc_op(s->cc_op); gen_lea_modrm(s, modrm, ®_addr, &offset_addr); + gen_jmp_im(pc_start - s->cs_base); gen_op_cmpxchg8b(); s->cc_op = CC_OP_EFLAGS; break;
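Review bot: the new `gen_jmp_im(pc_start - s->cs_base);` line in the cmpxchg8b hunk carries no comment saying why it is needed, and the cover note itself states that the equivalent save for cmpxchgl is not understood, so a later reader could easily drop it as redundant; add a one-line comment above it noting that the helper can fault on its memory access and must see the instruction's start eip (pc_start) so the faulting instruction is restarted, not the last eip that happened to be saved. Placing the save after gen_lea_modrm() and the cc_op flush but before gen_op_cmpxchg8b() is the right order, since nothing before the helper can raise. As the message admits, the indentation is not tab-clean; re-indent the added line to match the surrounding context before applying.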